While the daily assessment of terror threats applies primarily to security professionals who are charged with protecting critical infrastructure assets, such as chemical plants, oil refineries, and transportation ports, most security professionals focus on terrorism as a high risk, low probability concern which needs to be addressed on an irregular basis. Once terrorism contingency plans, emergency procedures, and business continuity plans are established, security professionals can once again turn their attention to the daily risks that threaten an organization’s assets. Everyday crimes are the most common threat facing security professionals in protecting their assets (targets) and a thorough assessment of the specific nature of crime can reveal possible weaknesses in a facility’s security posture and provide a guide to effective solutions. A full understanding of everyday crime at specific sites allows security professionals to select and implement appropriate countermeasures to reduce the opportunity for such incidents to occur again. Eck, Clarke and Guerette state that the greatest preventive benefits will result from focusing resources high risk sites (“risky facilities”) because crime is heavily concentrated on particular people, places and things; that is for any group of similar facilities, a small proportion will experience the majority of the crime (Eck J. E., 2007).

Understanding crime has the primary benefit of assisting in good security decisions, which are effective in preventing real risks in a cost effective manner. Nick Tilley argues in favor of analysis for crime prevention as a driver for formulating prevention strategies. Analysis, according to Tilley, identifies concentrations of crime where there is a potential yield from prevention efforts and that analysis can help forecast future crime problems with the hope of developing preemptive strategies. More importantly, Tilley argues that analysis “helps find the most efficient, effective, and perhaps equitable means of prevention,” what the industry might call optimization (Tilley, 2002).

Security optimization, sometimes referred to as data driven security, refers to using metrics or data to drive a security program and reduce risk. While not all elements of a security program lend themselves to measurement, many factors can be measured effectively. In larger organizations, the security department is a business unit, not unlike other business units within an organization that must justify its existence. Security, notes Gill, needs to be businesslike and show how it contributes to the financial well-being of all aspects of organizational life (Martin Gill, 2007). A key method for justifying security is to measurably reduce risk with an optimized security program.

Optimization is a concept utilized by organizations operating in dynamic environments to effectively manage risk. Security professionals face the unique challenge of providing security that reduces crime and loss, is cost effective, and does not expose their organizations to undue liability. Thus, they must not only be knowledgeable about security technologies, but also good business decision makers and risk managers. Security costs should be commensurate with the risk and provide a measurable return on investment.

This Report, then, will answer the question: How does one measure the effectiveness of a site specific security program via crime analysis? More specifically, how do security professionals provide the optimal level of security for a site that not only reduces risk, but is also cost effective?

This Report is applicable to a broad spectrum of security professionals, including security professionals, facility managers, risk managers, and property managers. Ideally, readers will use the information to optimize their security programs. While the audience for this report is broad, facilities that serve the general public, such as retail stores, banks, hotels, gas stations, and the like will have a discernible benefit.